The present disclosure relates to digital certificates, and more specifically, to managing digital certificates in an enterprise computing environment.
A commercial, governmental, or other organization may employ multiple computer systems that are connected by a network. As one example, an enterprise may have one or more websites that are relatively large, relatively complex, or both. A relatively large number of computer systems, e.g., servers, of various types may be used to support the website. The computer systems may be located at multiple locations and various computer systems may communicate with one another and systems outside of the enterprise over public networks, such as the internet. Some of the enterprise's computer systems, e.g., web servers, may be configured to interface with external computer systems, such as those of customers and suppliers. Other computer systems may be configured for processing data, retrieving data from enterprise databases, and performing other functions.
A complex network of computer systems in an enterprise environment may be referred to as a distributed application or applications. The enterprise network of computer systems can be set up and managed using a software application designed for this purpose. Software applications of this type are sometimes referred to as “middleware.”
Secure communication channels between each enterprise computer system and other internal and external systems are essential for a variety of types of communications. As a few examples, the messages sent in electronic commerce, banking, and stock trading applications include confidential, personal information. In addition, communication between the computer systems needs to be fast. Security for an enterprise network of computer systems can be provided at the transport layer using a protocol known as Secure Sockets Layer (SSL).
The SSL protocol uses electronic documents or files known as “digital certificates.” A digital certificate may also be referred to as a public key certificate or a signer certificate. An International Telecommunication Union (ITU) standard known as X.509 specifies the contents of a digital certificate. Among other things, a digital certificate contains the name of a person or entity, the public key of that person or entity, and a digital signature (often of a certificate authority) that certifies that the enclosed public key belongs to the named person or entity.